AAA, NAC, Guest Access & BYOD

Exiting Onguard Agent on Client does not change Role as Unhealthy

by on ‎07-14-2014 01:24 AM

Question : I have a dot 1 X authentication setup with health check. Killing the Onguard agent on my windows machine does not change my Role on the controller

 

Environment Information : This works best for CPPM 6.2

 

As per the service configuration, After exiting the Onguard agent from client device, client  remained in healthy role(should get quarantine role)


User-added image


The reason for the Role not getting changed is that for a DOT 1 X authentication, the Role is cached (default value was 300 seconds) and it will change only when the cache is timed out.


This time can be modified from "Administration » Server Manager » Server Configuration"



User-added image



In our service the below option is checked, so the Healthy Role is cached for 300 seconds.


User-added image



Once the cache gets timed out, the Role will change to Unhealthy/Quarantine as defined in the policy.

Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.